Inside the Round Podcast: Building Dune Security with David DellaPelle
Dune Security Co-Founder and CEO David DellaPelle joined the Inside the Round Podcast to share how Dune is tackling user risk and what it takes to build a modern cybersecurity company from the ground up.
.jpg)
Dune Security Co-Founder and CEO David DellaPelle appeared on the Inside the Round Podcast with Helena Fogarty to discuss the mission behind Dune: addressing human error as the leading cause of breaches and preventing AI-powered social engineering at scale.
David shared the company’s founding story, from recognizing the limits of legacy security awareness training to building a modernized platform focused on user-layer risk. He also reflected on the entrepreneurial journey – raising $8M in seed funding, building a world-class CISO advisory council, and navigating the resilience required to scale a cybersecurity startup. Throughout the conversation, David emphasized the importance of transparency, customer focus, and mission-driven culture in shaping Dune Security into a category-defining company.
Helena Fogerty:
Welcome to Inside the Round, the podcast where we speak with founders who have recently raised capital and learn how they did it. I’m Helena Fogerty, a fundraising expert who works with startups raising their pre-seed, seed, and Series A rounds.
Today I’m speaking with David DellaPelle, CEO and co-founder of Dune Security. Dune Security is tackling one of the biggest challenges in cybersecurity — human error, which causes the majority of data breaches. The company recently raised $8 million, led by Toba Capital, with participation from Craft Ventures, MassMutual Ventures, Alumni Ventures, Firestreak Ventures, and Sequoia Scout.
David, thanks for joining us today.
David DellaPelle:
Thanks so much for having me, Helena. Excited to be here.
Helena Fogerty:
Let’s start with why you founded Dune Security. What inspired you?
David DellaPelle:
It happened pretty organically. I’d been helping build other people’s companies — AI and cybersecurity startups — from pre-seed through post–Series D. I kept coming back to the same problem that’s been around forever in this industry: the human layer.
Depending on the data source, somewhere between 75% and 95% of breaches still start with human behavior. That might mean someone clicking a phishing link, being over-permissioned, or just having the wrong access inside a network.
For decades, the industry’s answer has been security awareness training, or “SAT.” But the truth is, legacy SAT is outdated, ineffective, and in many cases, counterproductive. The technology feels about a decade behind. Everyone’s just clicking through generic modules, and it’s not changing behavior — it’s creating tension between CISOs and employees.
I realized the market needed a new category leader to solve this problem — the same way companies like Abnormal Security did for email and Wiz did for cloud.
Helena Fogerty:
And how did the company actually get started?
David DellaPelle:
It’s a funny story. I met my co-founder, Michael Waite, who’s now our CTO, on a plane. There was a four-hour delay at JFK Airport due to a cybersecurity issue — all the systems were down. We ended up on the same flight to Portugal, both sitting in Comfort Plus on a half-empty plane.
The flight got rerouted to the Azores for a few hours, and during that layover, I pitched the idea to him. He had the perfect technical background to complement my business side, and we decided to build it together.
Helena Fogerty:
That’s amazing. So after that chance meeting, how did things progress?
David DellaPelle:
We started in April 2023, joining an accelerator called Antler in New York. It was a great environment — you see who’s really serious about building something durable. But we didn’t have the typical Silicon Valley founder story. We weren’t “three-time founders living in San Francisco.” We were in New York, building from the ground up, often overlooked because we didn’t fit the pattern.
We actually got rejected by Antler at first. They said there were no desks left. I met with Jeff Becker, the GP of Antler’s New York office, and told him, “That’s fine — we like standing.” That’s how we got in.
Helena Fogerty:
Were you always planning to be a founder?
David DellaPelle:
Not really. I’d started or tried to start five companies before this — some successful, some not. One was a construction business during COVID. Others were software ideas that didn’t pan out because of timing or co-founder mismatch.
I’ve always been creative and operationally efficient, but I didn’t set out thinking, I’m going to be a founder. It just evolved from pushing hard, learning constantly, and improving every step.
Helena Fogerty:
When did you realize Dune could be venture-backed and scalable?
David DellaPelle:
Honestly, I made some mistakes early on. In our first year, I spoke with over 200 VC firms — and got 196 nos. A lot of them told us we didn’t have the “right pedigree.”
One top-10 VC literally told me, “We don’t usually fund founders like you — you didn’t go to Wharton or Harvard, and your CTO didn’t go to Stanford.” I went to Cornell and NYU, Michael went to BYU. Hearing that was crazy. Then they funded one of our competitors — who we fully intend to outperform.
The turning point came when we stopped talking to VCs and started talking to customers. I spoke with 76 enterprise CISOs in three weeks. That’s when everything changed.
Helena Fogerty:
So what was your biggest lesson from that first fundraising year?
David DellaPelle:
That I should’ve spent less time chasing investors and more time solving customer problems. Early-stage founders get tons of feedback from VCs — most of it well-intentioned, but not all useful.
The best feedback came from CISOs who actually live the problem every day. Once I started focusing on them, product-market fit followed quickly.
Helena Fogerty:
That’s powerful. So how did you deal with all the rejection?
David DellaPelle:
You just have to love it. I saw rejection as proof we were onto something big — we’re building what I believe will be a $50 billion company that defines this category.
I also think resilience is learned, not inherited. You only build it through real adversity. I’ve had to bury two of my best friends at a young age. Those experiences shape you. One VC asked me, “What’s the hardest thing you’ve ever been through?” and I thought that was the best question I’d ever been asked.
Founders who haven’t faced adversity often crumble under pressure. Building a company is constant resistance — you’re fighting inertia every day.
Helena Fogerty:
That’s incredibly honest. How did that transparency play into your fundraising?
David DellaPelle:
I try to be transparent in everything I do — in pitches, in leadership, with investors. I was 28 when I started Dune. I wasn’t the youngest founder in the room, but I think having some life experience matters. Sometimes that’s even more important than work experience.
Helena Fogerty:
What surprised you most about raising money?
David DellaPelle:
That most VCs honestly don’t know what they’re talking about. The ones who funded us are fantastic — real partners — but many others just hadn’t built companies before.
I learned that you can’t learn fundraising by reading or talking — you learn it by doing. I wish I had focused earlier on customers rather than investors.
Helena Fogerty:
Let’s talk about the recent round. What was the process like?
David DellaPelle:
We officially started the process in November 2024 and had term sheets within two weeks. It was fast because by then, the business was taking off — we’d launched in June, signed major customers like Warner Music Group, Hugo Boss, Culligan, and OSF Health.
We ended up raising $8 million, led by Toba Capital, with Craft Ventures following on. The deal came together quickly, and we closed around the new year.
Helena Fogerty:
That’s impressive. Why do you think it went faster this time?
David DellaPelle:
Because we weren’t chasing VCs anymore. By that point, we had traction, ARR growth, and proof that the product worked. The best investors — people like Raj Aral at Toba Capital and Brian Murray at Craft Ventures — saw it immediately.
We turned down offers, too. We could’ve raised $15 million, but we only raised what we needed to reach the next stage. It’s like a video game — you level up, get stronger, and face tougher challenges. The only time you really lose is if you run out of lives — or in our world, money.
Helena Fogerty:
That’s a great analogy. So now that you’ve raised, what’s changed?
David DellaPelle:
Honestly, not much day to day. We didn’t pop champagne or post about it on LinkedIn. When we raise money, it just means it’s time to work harder. Every dollar we take is a responsibility to our investors, employees, and customers.
Our focus now is on scaling. We’ve added key hires — VP of Engineering, VP of Revenue — and the whole team is running full speed.
Helena Fogerty:
How do you balance that intensity with personal life?
David DellaPelle:
It’s tough. I’ll take a short ski weekend here and there, but otherwise, I’m all in. I started something we call Dune Drive Sundays — optional Sunday work sessions where the team comes in for five hours. Everyone was doing it anyway because they’re so mission-driven, so we just formalized it with good food and bonuses.
I also try to take care of myself physically — I eat clean and work out daily. That’s how I stay grounded.
Helena Fogerty:
Who do you lean on when things get hard?
David DellaPelle:
Definitely Michael Waite, my co-founder. We split equity 50/50, and we’re completely transparent with each other. I also talk a lot with Zach Walsh, the founder of HiFi, another Antler company that raised around the same time. We live in the same building and go through similar ups and downs. It’s important to have people you can be vulnerable with.
Helena Fogerty:
What advice would you give to founders earlier in the process?
David DellaPelle:
Stop chasing investors — talk to customers. That’s the biggest thing. Find people who have the problem you’re solving and start helping them. Create value first.
When someone messages me on LinkedIn asking to join Dune, I tell them: Show me something. Write some code, propose an idea, do something valuable first. The same goes for fundraising — don’t ask for money, show value.
Helena Fogerty:
That’s great advice.
David DellaPelle:
At the end of the day, startups win when they solve real problems. Our job is simple: talk to customers, build the right product, and execute fast. Everything else follows from that.
Helena Fogerty:
David, thank you so much for sharing your journey — and the lessons learned along the way.
David DellaPelle:
Thanks, Helena. It’s been great speaking with you.
Helena Fogerty:
This was Inside the Round. Until next time — stay strategic, and stay human.
Key Takeaways
- Legacy awareness training isn’t working. Most security programs still rely on outdated, one-size-fits-all awareness modules that create friction instead of impact. Dune Security is redefining human-layer defense by making simulations and training realistic, data-driven, and tailored to each user’s risk.
- Listening to CISOs changed everything. After more than 200 VC meetings, David realized the real validation came from customers. Speaking with 76 enterprise CISOs in three weeks gave Dune direct insight into what the market actually needed and shaped the company’s product roadmap.
- Resilience is the real differentiator. David learned that persistence and adversity build stronger founders. Every “no” became part of the process, sharpening Dune’s focus and fueling the conviction to build a company capable of redefining an entire category in cybersecurity.
- Quality of investors matters more than quantity. Dune stopped chasing every fund and focused on partners who truly understood cybersecurity and had built companies themselves. That focus led to an $8 million seed round led by Toba Capital and Craft Ventures.
- Capital is a responsibility, not a reward. For David, raising money isn’t a moment to celebrate but a commitment to execute. Every dollar represents trust from investors, employees, and customers - and Dune’s only goal is to turn that trust into measurable impact and enterprise value.
Featured Speakers
-min.jpg)
Never Miss a Human Risk Insights
Subscribe to the Dune Risk Brief - weekly trends, threat models,and strategies for enterprise CISOs.
FAQs
Complete the form below to get started.
How Attackers Exploit Trusted Access in BPO Environments
Learn why BPO environments are increasingly targeted by social engineering and how user cyber risk spreads across outsourced operations and client organizations.
How Impersonation-Based Social Engineering Drives Enterprise Cyber Risk
Impersonation-based social engineering attacks are driving disproportionate enterprise risk. Learn why they work and what it takes to defend against them.
Cybersecurity in Healthcare: How Social Engineers Target Patient Data and Hospital Operations
Healthcare’s reliance on digital systems and high-pressure clinical environments has made user risk a patient safety issue, and organizations must rethink how they prepare their workforce for modern attacks.
Never Miss a Human Risk Insights
and strategies for enterprise CISOs.
Ready to See Dune in Action?